AWS Security Hub partners

Find an AWS Partner

AWS Security Hub can automatically aggregate security findings data from supported AWS Partner security solutions, so you can have a comprehensive view of security and compliance across your AWS environment. 

Software

Botprise is a no-code based automatic remediation platform for multi-cloud security misconfigurations. Botprise’s AWS Security Hub integration allows seamless two-way communication between the two products. The integration allows Botprise to receive security misconfiguration alerts from Security Hub. Botprise provides a semantic layer of remediation apps for CIS and AWS security framework compliance that can automatically map Security Hub alerts to the appropriate remediation action and execute, thereby allowing your cloud assets to remain compliant at all times. Post the remediation action Botprise also has the ability to clear, enrich and annotate the security alert on Security Hub.

Contrast Security

Contrast Security is a world-leading code security platform company purposely built for developers to get secure code moving and trusted by security teams to protect business applications. Developers, security, and operations teams quickly secure code across the complete Software Development Life Cycle with Contrast to protect against targeted Application Security attacks. Contrast Security Assess is a real-time, interactive application security testing (IAST) solution that integrates with AWS Security Hub providing customers with centralized visibility around vulnerabilities and remediation guidance for web apps, APIs, and microservices.

Plerion

Plerion is a Cloud Security Platform with a unique threat-led, risk-driven approach offering customer preventative, detective, and corrective action across their workloads. Plerion customers achieve greater efficiencies with their resources while simultaneously driving down risks and costs. Plerion’s seamless integration with AWS Security Hub ensures customers continue to optimize their existing operational procedures and remain focused on what really matters. Customers have the control to define exactly what they want to send to AWS Security Hub, supported with remediation steps offered by Plerion.

Drata

Drata provides an advanced security and compliance automation platform with the mission of making compliance effortless and accessible for companies of all sizes. With Drata, thousands of companies streamline over 14 compliance frameworks—such as SOC 2, ISO 27001, GDPR, and more—through continuous, automated control monitoring and evidence collection, resulting in a strong security posture, lower costs, and less time spent preparing for audits. Drata’s AWS Security Hub integration provides customers the ability to consolidate all Drata security events under a single dashboard with AWS Security Hub.

Snyk

Snyk provides a developer-friendly security platform that helps customers find and fix vulnerabilities quickly and accurately across cloud, container and serverless workloads, helping accelerate customer migration and modernization initiatives while drastically reducing security risks across both the application workloads as well as the running cloud environment. Snyk can import security events such as vulnerability findings and software configuration checks for security practitioners to be able to aggregate security events in AWS Security Hub and correlate Snyk findings with other security telemetry from AWS native services, as well as other third parties.

3CORESec

3CORESec provides managed detection services for both on-premises and AWS customers. Focused on open standards and open source software, its integration with AWS Security Hub allows visibility into malware, privilege escalation, lateral movement, improper network segmentation, and more. Customers can complement this integration through the usage of its managed SIEM offer, which provides visibility into network, cloud, and endpoint data.

Aqua Security

Aqua Security was founded in 2015, as containers and serverless technologies were just emerging, recognizing that the dramatic change in application development and architecture requires an equally dramatic shift in security. Aqua Cloud Native Security Platform provides full lifecycle security for container-based and serverless applications, from your CI/CD pipeline to runtime production environments. The Aqua platform has data about the container host and the containers running on the host. The integration allows the platform to send alerts to AWS Security Hub.

Atlassian Opsgenie

Use Atlassian Opsgenie Amazon Security Hub Integration to forward Amazon Security Hub findings to Atlassian Opsgenie. Atlassian Opsgenie will determine the right people to notify based on on-call schedules and notify them via email, text messages (SMS), phone calls, and iOS & Android push notifications. Opsgenie will escalate alerts until the alert is acknowledged or closed. Amazon Security Hub sends findings which match with the corresponding CloudWatch Event rule to CloudWatch. Selecting SNS topic for target publishes the related event message for findings to SNS, which will send this message to Atlassian Opsgenie at the end.

Barracuda Cloud Security Guardian

Barracuda Cloud Security Guardian is an agentless SaaS service that leverages the native security capabilities of AWS by policing the management and data planes. It automates the implementation of security and compliance across your deployment enabling you to stay secure while building applications in AWS. To further enhance security, the integrated Cloud Storage Shield, scans your Amazon S3 buckets for malware, quarantining any threats whilst sending logs back to AWS Security Hub.

BigID

BigID product helps companies manage and protect sensitive data (PII) across all their systems. It scans data sources (databases, file shares, cloud services, etc.) and discovers PII and data relevant to privacy regulations (GDPR, HIPAA, etc). Use this integration to leverage BigID's OOTB policies and receive instant findings on PII found and policy violations seamlessly in your AWS Security Hub console. You can review the findings, investigate further by connecting to the BigID tool, choose the proper course of action, and create additional workflows based on the finding.

Blue Hexagon

Blue Hexagon is a real-time threat detection platform using deep learning principles to detect known and unknown threats, including malware and network anomalies.

Capitis Solutions

Capitis Solutions has a proven track record of delivering large scale information security compliance solutions for regulated industries. C2VS, our compliance product, identifies application centric vulnerabilities related to misconfigurations. Our scans automate security audit evidence gathering through continuous verification of your custom application configurations. C2VS scans compare security configurations for targeted resources against your custom baselines. Any misconfigurations are published to Security Hub. Security operations teams can use Security Hub as a single pane of glass to monitor, raise alerts, and remediate issues.

Caveonix Cloud Platform

Caveonix Cloud Platform ensures full visibility, continuous assessment, and prioritized mitigation across hybrid cloud deployments, including VMC on AWS, cloud-native services, virtual machines (VMs), and containers. The integration with AWS Security Hub provides a comprehensive perspective on high-priority security alerts and compliance status. It merges data from various AWS services with Caveonix’s advanced analytics and risk mitigation modeling. As a result, organizations gain the ability to monitor their security stance proactively and reactively while effectively protecting hybrid cloud workloads. This is facilitated through centralized insights from both Caveonix and AWS services.

Check Point CloudGuard

Check Point CloudGuard complements native AWS controls to bring enhanced security for protecting customer environments from even the most sophisticated threats. CloudGuard IaaS's native API integration with AWS Security Hub feeds critical threat alerts into the console. It adds contextual information such as asset tags, security groups and availability zones to dynamically update security policies. CloudGuard's next-generation threat prevention is driven by the platform’s native firewall, IPS, application control, IPsec VPN, antivirus, and anti-bot capabilities. Customers can quickly ensure they are protected against both north-south and east-west cyber attacks from a single consolidated console.

Claroty

Claroty enables organizations to secure cyber-physical systems across industrial (OT), healthcare (IoMT), and enterprise (IoT) environments: the Extended Internet of Things (XIoT). The company’s unified platform integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, threat detection, and secure remote access. Claroty empowers AWS Security Hub by seamlessly integrating into environments regardless of scale, architecture, or the maturity of existing cybersecurity programs.

Cloud Storage Security

Cloud Storage Security's Antivirus for Amazon S3 provides cloud native anti-malware and antivirus scanning for Amazon S3 objects. Antivirus for Amazon S3 offers real time and scheduled scans of objects and files in Amazon S3 for malware and threats. It provides visibility and remediation for problem and infected files.

Kion

Kion offers enterprises a cloud governance solution that supports AWS by simplifying account management, enforcing budgets, and continuous compliance. Using Kion, customers get visibility, control, and agility for all users in a single interface. Customers can send and receive Security Hub findings from multiple AWS accounts in the Compliance Dashboard and configure remediation to ensure findings are resolved when they are discovered.

CrowdStrike

CrowdStrike Falcon® provides cloud workload protection, unifying next-generation antivirus, endpoint detection and response (EDR), IT hygiene, and a 24/7 managed hunting service — all delivered via a single lightweight agent. CrowdStrike Falcon seamlessly integrates with AWS Security Hub, providing a comprehensive, real time, view of high priority security alerts and satisfying the security and compliance needs of DevSecOps teams. CrowdStrike Falcon uses artificial intelligence/machine learning and sophisticated behavioral-based detections that are fully integrated with AWS Security Hub, ensuring that customers have the next layer of protection against advanced cyber attacks.

CyberArk

CyberArk is a global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. The CyberArk integration with AWS Security Hub provides rich data sets of high-risk, privileged access activity and behavior. The solution provides cloud security teams with the information they need to respond to the most critical threats to the organizations. From a single control point within AWS, CyberArk helps provide a complete, measurable and actionable risk reduction program in securing privileged access within the cloud.

DataTheorem

Data Theorem is a leading provider of modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere. The Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. Data Theorem products help organizations prevent AppSec data breaches. The company has detected more than 1 billion application eavesdropping incidents and currently secures more than 8,000 modern applications for its Enterprise customers around the world.

DisruptOps

DisruptOps provides automated AWS security and compliance assessment and remediation guardrails. DisruptOps' SaaS platform continuously monitors all registered AWS accounts and regions for misconfigurations, vulnerabilities, and non-compliant settings. They provide one-click or fully automated remediations for discovered issues. By integrating with Security Hub, customers gain more advanced assessments such as SSRF defense or IAM privilege escalation risk identification. Customers can remediate issues directly in Security Hub or in DisruptOps via API or their console. DisruptOps also adds enterprise capabilities and integrations to Security Hub, including notifications, and centralized management.

FireEye

FireEye Helix is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix. FireEye Helix integrates disparate security tools and augments them with next generation SIEM, orchestration, and threat intelligence capabilities to capture the untapped potential of security investments. FireEye Helix integrates with AWS Security Hub to pull data from Security Hub, analyzes threats, and correlates with other security event streams to detect and protect against advanced threats.

Fugue
Fugue is a cloud security SaaS platform that empowers engineers to secure cloud infrastructure at every stage of the development lifecycle while providing centralized cloud security visibility and governance across the organization. Fugue is an agentless, scalable cloud-native platform that automates the continuous validation of infrastructure as code and cloud runtime environments using the same policies—and delivers results to AWS Security Hub. Fugue’s Unified Policy Engine leverages Open Policy Agent—the open standard for policy as code—and enables advanced custom policy development along with turnkey support for the AWS Well-Architected Framework and industry compliance standards.  

Forcepoint offers a systems-oriented approach to insider threat detection and analytics, cloud-based user and application protection, next-gen network protection, data security, and systems visibility.

To secure cloud environments, Forcepoint NGFW brings leading next generation firewall technology to AWS with the scalability, operational efficiency, and strong security that Forcepoint NGFW is known for. Forcepoint NGFW's integration with AWS Security Hub provides customers with unified reporting for cloud and hybrid environments, comprehensive security, and detailed supporting evidence from its advanced detection capabilities to protect customers' data and systems from all types of threats.

Forcepoint DLP allows you to discover and control data wherever it lives, whether on the cloud or on the network, via email and at the endpoint. Its integration with AWS Security Hub provides customers with unified visibility and reporting for cloud and hybrid environments, addressing human-centric risk with visibility and control everywhere your people work and everywhere your data resides.

Forcepoint CASB allows you to discover cloud application use, analyze risk, and enforce appropriate controls for SaaS and custom applications. Its integration with AWS Security Hub gives you enhanced visibility and control over both sanctioned and unsanctioned cloud applications, ensuring the security of employees and data.

Forcepoint Cloud Security Gateway (CSG) is a converged cloud security service that provides visibility, control, and threat protection for users and data, wherever you are. Forcepoint CSG sends findings to Security Hub about policy violations, actions resulting from traffic and/or email inspection rules, threats, and other events identified by CSG.

Fortinet

Fortinet's Security Fabric solutions are trusted by over 600,000 organizations around the world. FortiCNP, Fortinet’s cloud-native protection solution, provides customers with actionable insights based on security findings from AWS Security Hub, Amazon Inspector, Amazon GuardDuty, and Fortinet Security Fabric solutions such as FortiGate and FortiWeb. FortiCNP calculates risk for cloud resources by correlating multiple security findings using a patented risk score algorithm and presents customers with a prioritized list of resources that have the most risk impact on their cloud environment. By using FortiCNP Fortinet and AWS joint customers reduce alert fatigue and maximize the value of their security investments.

Guardicore

Guardicore is the segmentation company disrupting the legacy firewall market. Its software-only approach is decoupled from the physical network, providing a faster alternative to firewalls. Built for the agile enterprise, it offers greater security and visibility in the cloud, datacenter, and endpoint. Guardicore's mission goes beyond creating great technology. It continuously engages with customers as a trusted partner, ensuring they maximize the value of their security investments beyond their original goals and expectations.

HackerOne

HackerOne connects organizations with a global ethical hacker community to identify and fix vulnerabilities before they can be exploited. Vulnerabilities are ranked by risk severity and remediation advice is provided. By facilitating hacker communications and payments, integrating with existing security workflows, and managing the vulnerability lifecycle within the HackerOne SaaS platform, customers across industries can scale security and reduce risk. With the integration into AWS Security Hub, HackerOne vulnerability findings are aggregated and prioritized, accelerating risk remediation in cloud applications.

Lacework

Lacework Polygraph® Data Platform learns and understands behaviors that introduce risk across your AWS cloud, so you can innovate with speed and safety. With visibility from build time through runtime and automated insights into unusual activity, threats, vulnerabilities, and misconfigurations, you gain the context to prioritize and act faster. Using patented cloud behavioral analytics, the Platform automatically learns how your environment is supposed to run and tells you when it deviates — providing the right alert, with the right context. As a CSMP leader, Lacework integrates with AWS Security Hub to ensure you can build better and securely in your AWS environment.

Logz.io

Logz.io Cloud SIEM enables SecOps teams to quickly identify and investigate threats across the entire attack surface. Logz.io Cloud SIEM specifically provides a fast, flexible, low-cost cloud-native SIEM that prioritizes threats in distributed cloud environments. Unlike legacy SIEMs that force teams to choose between data retention and querying speeds, Logz.io delivers rapid query response over large data sets, while providing API interoperability for every feature. Logz.io Cloud SIEM directly integrates security data from AWS Security Hub to provide full visibility of the threat levels across the organization. Events can also be sent from the Logz.io Cloud SIEM back into AWS Security Hub.

IBM Security

IBM QRadar supports AWS Security Hub via an integrated system of analytics and real-time defenses to give security teams extended visibility into high-priority security alerts and automate compliance checks on a single dashboard. This powerful integration shares prioritized and aggregated security findings and events from multiple AWS services and AWS Partner Network security solutions and parses it into the QRadar dashboard for deeper security analysis and context across the broader hybrid environment. This consolidated view of actionable graphs and tables enables security analysts to drill-down into AWS event data for faster, more accurate threat detection and response, while improving compliance posture.

McAfee

McAfee MVISION Cloud Native Application Protection Platform (CNAPP) is a security service that combines Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) in a single solution. MVISION CNAPP helps customers identify security risks by benchmarking service configurations against compliance standards like CIS AWS Foundations Benchmark, PCI, and HIPAA, and offers policies that can automatically remediate misconfigurations. MVISION CNAPP also helps customers prevent data breaches by protecting sensitive data stored on Amazon S3, identifying software vulnerabilities, and delivering advanced threat protection for applications hosted on AWS container and compute services. MVISION CNAPP integrates with the AWS Security Hub by allowing customers to publish CNAPP security incidents in near real-time to AWS Security Hub automatically.

MetricStream

MetricStream is the global SaaS company of Integrated Risk Management (IRM), Governance, Risk, and Compliance (GRC) solutions that empower organizations to thrive on risk. MetricStream CyberGRC helps safeguard organizations with an integrated solution, purpose-built to manage, measure, and mitigate cyber risk across the enterprise. Continuous Control Monitoring involves integration with AWS Security Hub to receive and store the Security Hub findings in MetricStream CyberGRC. This integration provides cyber security professionals with an enhanced understanding of their risk posture based on actual controls. Customers get a single risk dashboard for more meaningful insights, analysis, and risk evaluation.

Micro Focus
Micro Focus brings the extensive security expertise to help customers navigate the changing threat landscape by building both cyber and business resiliency within their teams and organizations. Micro Focus ArcSight Security Operations (SecOps) solution provides a multi-layered analytics approach, merging SIEM, search/hunt, machine learning/UEBA and SOAR components to maximize the efficiency and effectiveness of SOC teams' detection and reaction capabilities. ArcSight AWS Security Hub SmartConnector converts the security findings, originally in ASFF format to CEF format, and forwards them to an ArcSight destination.
NETSCOUT

NETSCOUT helps assure digital business services against disruptions in availability, performance, and security. The combination of NETSCOUT’s Omnis Cyber Intelligence (OCI) and vSTREAM software with AWS packet access services helps contain costs and achieve better efficiencies in mitigating novel security threats as enterprises move applications to the cloud. NETSCOUT OCI is an enterprise-wide network threat, risk investigation, and forensic analysis platform that helps reduce the impact of cyber threats on businesses. Customers can easily detect, validate, investigate, and respond to threats with this analytics system that also integrates with AWS Security Hub.

New Relic

New Relic Vulnerability Management empowers organizations to manage their security posture and risk as a core part of their observability strategy. This new offering helps engineering teams eliminate data and team silos that can cause security blind spots, slow mitigation times, and lower innovation velocity. With Vulnerability Management, all native and external security data is available in a single platform to give engineers instant visibility and context-driven security analysis across the entire software stack as part of our industry leading APM product, without any additional configuration.

PagerDuty

PagerDuty's digital operations management platform empowers teams to proactively mitigate customer-impacting issues by automatically turning any signal into the right insight and action. AWS users can use PagerDuty’s set of AWS integrations to scale their AWS and hybrid environments with confidence. When coupled with AWS Security Hub’s aggregated and organized security alerts, PagerDuty allows teams to automate their threat response process and quickly set up custom actions to prevent potential issues. PagerDuty customers who are undertaking a cloud migration project can move quickly, while decreasing the impact of issues that occur throughout the migration lifecycle.

Palo Alto Networks

Palo Alto Networks integrates three leading security products—Prisma Cloud, VM-Series, and Cortex XSOAR—with AWS Security Hub to provide customers with improved visibility, security, compliance assurance, and response to cloud threats.

Prisma Cloud offers broad security and compliance coverage for applications, data, and the entire cloud-native technology stack throughout the development lifecycle and across any cloud deployment architecture. Integrated with AWS Security Hub, Prisma Cloud enables organizations to monitor assets and send alerts on resource configurations, compliance violations, network security risks, and anomalous user activities across all of their AWS infrastructure. Prisma Cloud - Compute is also integrated with Security Hub, which allows teams to send their container security findings to Security Hub.

Palo Alto VM-Series integration with AWS Security Hub collects threat intelligence and sends it to the VM-Series next-gen firewall as an automatic security policy update that blocks malicious (IP address) activity.

Cortex XSOAR integrates with AWS Security Hub and a host of AWS services as well as hundreds of security/IT products. Teams can correlate incident context, automate repetitive tasks, coordinate with other teams for remediation, and standardize incident response across an entire (multi-cloud, hybrid, on-prem) environment.

Qualys

The Qualys integration with AWS Security Hub provides customers the ability to consume security and compliance findings about their AWS Instances and accounts within the AWS Security Hub console. Customers have access to critical vulnerabilities, missing patches, open ports, as well as the compliance to CIS, PCI, NIST, HIPAA, and security policies of their Instances and AMIs. Customers can also assess misconfigurations of VPCs, Security Groups, Amazon S3, and IAM against the CIS Benchmark. The Qualys integration with AWS Security Hub allows customers to prioritize their risks and automate remediation using services, such as AWS Lambda.

Rapid7

Rapid7 InsightVM, an industry-leading vulnerability assessment solution, utilizes the power of the Insight platform to provide visibility across your modern ecosystem, prioritize risk using attacker analytics, and remediate or contain threats with SecOps agility. With InsightVM, vulnerabilities are discovered in real time and prioritized actionably. By integrating InsightVM with AWS Security Hub, vulnerabilities detected in a business's Amazon EC2 instances are automatically sent to AWS Security Hub for a holistic view of its cloud security posture. With additional vulnerability context from InsightVM, businesses can prioritize its team’s security tasks more efficiently and reduce measurable risk in its AWS cloud.

Rapid7 InsightConnect automatically shares and reacts to findings in AWS Security Hub. InsightConnect is a security orchestration and automation solution that features over 270 plugins, meaning that a finding in Security Hub can trigger a new DevOps ticket, lock down a user's credentials, remediate vulnerabilities through a patch management tool, and much more. By sharing Security Hub findings with other systems and triggering automatic reactions to specific types of findings, InsightConnect ensures SecOps teams have the complete picture without getting bogged down responding to alerts.

RSA Archer

RSA Archer is a risk management tool that provides solutions in sectors such as business resiliency, operational and enterprise risk management, audit management, public sector, security and IT risk management, third-party governance, and regulatory compliance management.

The RSA Archer AWS Security Hub integration leverages findings obtained from Security Hub and GuardDuty, in conjunction with data from other sources, to assess the overall level of a customer's compliance and to identify suspicious activity detected on their IT footprint. By connecting the integration with RSA Archer's Issues Management solution, customers can conduct a formal remediation process on critical findings.

SecureCloudDB

SecureCloudDB automates asset discovery, configuration checks, and database activity monitoring for public cloud databases, making it easy for organizations to protect sensitive data where it lives and adhere to compliance frameworks. The SecureCloudDB and AWS Security Hub integration reduces database security risk and improves incident response time by delivering relevant incident data and simplifying the remediation process. Real-time findings generated via security policy alerts in SecureCloudDB are pushed to Security Hub, allowing organizations to instantly correlate the findings with other tooling as well as deploy a library of Lambda functions to automate remediation.

SentinelOne

SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform. Available via the SentinelOne Singularity Marketplace, the new integration with AWS Security Hub filters high-fidelity threat information from SentinelOne agents running on Amazon Web Services (AWS) through AWS Security Hub. This allows organizations to effectively defend cloud workloads with centralized insights from SentinelOne, AWS services, and additional security tools.

The SentinelOne integration for AWS Security Hub delivers high-fidelity threat information from SentinelOne agents running on AWS workloads to AWS Security Hub. AWS Security Hub then aggregates, organizes, and prioritizes security alerts, enabling security teams to prioritize and respond effectively to any threat in progress. The integration retrieves findings, including metadata, from the SentinelOne console and pushes them to AWS Security Hub, enabling incident investigation directly from AWS Security Hub. SentinelOne incidents are normalized to AWS Security Finding Format (ASFF), eliminating the need to convert or parse security data.

ServiceNow

ServiceNow delivers cloud-based automated workflows to help security professionals quickly respond to incidents and vulnerabilities, prioritized to their potential impact to the business. Its integrations with AWS Security Hub for IT Service Management extend the same governance and compliance workflows from on-premises to cloud environments. Customers can ingest Security Hub data, create an incident with automatic enrichment, and route to the correct path to address the issue.

Slack

Slack is a layer of the business technology stack that brings together people, data, and applications – a single place where people can effectively work together, find important information, and access hundreds of thousands of critical applications and services to do their best work. From global Fortune 100 companies to corner markets, businesses and teams of all kinds use Slack to bring the right people together with all the right information. Slack is headquartered in San Francisco, California, and has ten offices around the world.

Sonrai Security
Sonrai Security delivers an enterprise security platform, built on patented graphic technology, that perfectly maps access and activities inside a company’s public cloud. Enforce Least Privilege, monitor access to crown jewel data, and automate CSPM. This integration will send security alerts from Sonrai Dig Platform to AWS Security Hub, with enough intelligence to mitigate the risks.
Sophos

Sophos, a global leader in network and endpoint security, integrates with AWS Security Hub. Sophos customers can now link their Sophos Central Management account to their AWS Security Hub account to increase visibility into their security posture, ensure compliance, and better respond to threats. The Sophos Central Management platform is used to manage and deploy Sophos products, including its advanced Server Protection agents deployed to protect Amazon EC2 Windows or Linux instances. With this new integration, alerts sent from the agents are aggregated in AWS Security Hub to help provide a unified view of your AWS security posture.

Splunk

Customers can utilize Splunk’s existing integration with Amazon CloudWatch Events to receive data directly from AWS Security Hub. From there, customers can take an analytics-driven approach to monitor and identify potential threats across AWS Security products like Amazon GuardDuty, Amazon Inspector, VPC Flow Logs, and Amazon Macie directly in the Splunk platform. These findings can then be sent to Splunk Phantom, a Security Automation, Orchestration and Response (SOAR) platform to enhance findings with additional threat intelligence information or to perform automated response actions. By adding broader context to findings, security teams can make well-informed decisions and take action quickly.

Splunk helps organizations ask questions, get answers, take action, and achieve business outcomes from their data. Organizations use market-leading Splunk solutions with machine learning to monitor, investigate and act on all forms of business, IT, security, and Internet of Things data. Splunk Enterprise and Splunk Phantom integrations with the AWS Security Hub are designed to help customers further accelerate detection, investigation, and response to potential threats within their AWS security environment.

StackRox

StackRox extends AWS Security Hub by adding containers and Kubernetes security capabilities. StackRox identifies security risks and policy violations in containers and Kubernetes environments and pushes its security insights into Security Hub, enabling customers to identify, investigate, and respond to security alerts quicker.

Sumo Logic and AWS Security Hub provide a complete security detection and response solution for security teams to address AWS compliance gaps and stop threats and attacks before they can damage your enterprise. Sumo Logic provides security and operations teams a rich analytical platform and access to the underlying machine data so they can investigate the causes, understand compromised resources, anomalous behaviors and malicious attacks. Then, Sumo Logic allows you to quickly and confidently respond to the threats leveraging platform integrations with ticketing tools, incident response platforms, and notification mechanisms.

Symantec

Symantec Cloud Workload Protection (CWP) is a SaaS security service that provides continuous visibility and security for your Amazon EC2 instances. Using AWS APIs and Symantec Endpoint Protection (SEP) technologies, CWP offers advanced threat protection including anti-malware, intrusion detection and prevention (IDS/IPS), and real-time file integrity monitoring (FIM). Customers can use CWP to execute deep file and process scanning on EC2 instances, applications, and containers, and CWP publishes those scan results in the AWS Security Hub.

Learn more | Documentation | Partner profile | Contact

Sysdig

Sysdig is a security and DevOps company that offers state of the art monitoring and security in an integrated platform, as SaaS and on-prem, in a highly scalable way with open source at its core. With Sysdig Secure for cloud, you can leverage asset discovery, risk management, cloud security posture management (CSPM), compliance, automatic ECR and Fargate vulnerability scanning, and threat detection based on AWS CloudTrail. Sysdig Secure automatically sends findings to AWS Security Hub, enabling customers to gain holistic visibility of their security and compliance posture.

Tenable

Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce their cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver one of the world’s first platform to see and secure any digital asset on any computing platform. Combining Tenable.io® with AWS Security Hub provides our customers with a single view of critical security information, including vulnerabilities — allowing those customers to better identify, investigate and prioritize vulnerabilities — all managed in the Cloud.

ThreatModeler

ThreatModeler is an automated threat modeling solution that secures and scales the enterprise software and cloud development life cycle. It leverages findings from AWS Security Hub data to help enforce compliance and security governance based on identified threats.

Turbot

Turbot delivers Software Defined Operations for the enterprise cloud with automated guardrails that ensure customer cloud infrastructure is secure, compliant, scalable, and cost optimized. Turbot's Guardrail policies for AWS Security Hub help enterprises ensure that AWS Security Hub is setup and configured according to defined policies to manage security alerts and compliance checks centrally across AWS accounts and workloads. In addition, Turbot automatically sends Turbot guardrail event details to AWS Security Hub in real-time to further enhance visibility for customers to have a signal pane of glass of their AWS + Turbot event details in AWS Security Hub.

Vectra

Vectra is transforming cybersecurity by applying advanced AI to detect and respond to risks posed by unauthorized users. The Vectra Cloud NDR platform prevents data breaches by automatically surfacing and prioritizing security risks that are sent to AWS Security Hub, accelerating investigations, enabling proactive risk identification, and initiating immediate intelligent enforcement.

AWS Managed Security Service Providers

Alert Logic

Alert Logic®'s security analysts and security content teams made up of data scientists, researchers and developers work together to constantly gather threat intelligence. They stay on the cutting edge of threat intelligence and use machine-learning that builds on data from our customers to enable ever-smarter, ever-stronger security coverage. Alert Logic then leverages the data to extend the security alerts and compliance status provided by AWS Security Hub to help customers understand impact and respond to findings. They absorb the complexity from threat identification and provide the required expert service for deployment, operation and ongoing security processes. 

Armor

Armor is a security-as-a-service provider. Armor's Anywhere Platform provides security services and integrations that help you accelerate your adoption of AWS. Armor Anywhere integrates with AWS Security Hub to deliver deeper security insights and context to AWS customers by feeding vulnerability scan and malware detection information into the AWS Security Hub. As a result of the integration, users of the service will now be able to receive alerts for high-priority vulnerability and malware information via AWS Security Hub. The integration demonstrates the value of context sharing for enhanced protection of business-critical workloads on AWS.

Rackspace Technology

Rackspace Technology is an AWS Security Hub partner providing managed security services on top of native AWS security products for 24x7x365 monitoring, advanced analysis, and threat remediation by certified security experts in the global Rackspace Technology Security Operations Center (SOC). By integrating with AWS Security Hub, Rackspace Technology automatically pulls threat information and alerts directly from your AWS security products into our SIEM for a comprehensive view and analysis of your environment.

AWS customers who want to improve their security posture but do not have the expertise or the resources to invest in a 24x7x365 SOC can utilize the Cloud Native Security Service from Rackspace Technology.

Services

6pillars
6pillars delivers faster compliance reporting, real time automated remediation and continuous compliance with leading industry standards all with fast and secure automated deployment of AWS Security Hub in concert with other AWS-native security services. When coupled with 6pillars’ patent pending automation orchestration application and comprehensive automation library, customers benefit from continuous compliance monitoring against hundreds of cloud security best practice controls across a growing number of standards all the way through to customizable continuous remediation of cybersecurity issues.
AllCloud

AllCloud's Next-Generation Landing Zone (NGLZ) consulting offer provides a fully automated enterprise-scale governance and security framework that configures and updates multi-account, multi-region AWS Organizations organizational units (OUs) based on AWS services. Findings, alerts, and notifications are consolidated into AWS Security Hub and pushed to an external SIEM.

DFX5

DFX5 provides AWS security consultancy, managed security services, and custom developed serverless solutions extending AWS Security Hub. Solutions are designed to bring transparency into AWS Cloud Environments, continuous monitoring, real-time notifications, comprehensive security macro-view dashboards, and automated remediation actions. Near real-time notifications from AWS Security Hub guarantee findings are remediated immediately after they occur. Remediations are done manually by DFX5 Experts or using the remediation software. Always up-to-date dashboards present current security state of customers AWS environment, including multi-account and multi-region support, all in one centralized place.

HeleCloud

HeleCloud provides strategic technology consultancy, engineering, and cloud-based managed services. HeleCloud's managed services are designed to ensure the continuous operation of business-critical applications and systems by fully managing AWS infrastructure. HeleCloud establishes visibility across customers' environments using an Elasticsearch and Kibana SIEM, ingesting data from multiple AWS services via AWS Security Hub as well as custom and third-party tools and services. Having the ability to analyze the estate, HeleCloud can then provide rapid manual and automated security incident response. 

Keepler

Keepler is a full stack analytics service provider specializing in the design, construction, deployment, and operation of tailored advanced analytics solutions. Keepler leverages AWS Security Hub as a key component of the data solutions to centralize security monitoring and programmatically remediate and escalate security incidences using AWS Lambda serverless functions.

Ubertas Consulting

Ubertas Consulting Foundations for AWS Well-Architected includes a combination of online workshops and DevOps consultancy across an eight-step process to deliver a Well-Architected foundation in two weeks. It uses underlying AWS services such as AWS Control Tower, AWS Security Hub, and AWS CloudFormation.

Open Source Tools

Kube-bench

Kube-bench, an open source tool developed by Aqua Security, checks whether customers Kubernetes cluster is configured in accordance with the recommendations from the Center for Internet Security (CIS), supporting both the CIS Kubernetes Benchmark and the CIS Amazon Elastic Kubernetes Service (EKS) Benchmark. Customers can view findings about non-compliant configuration settings within AWS Security Hub.

Cloud Custodian

Cloud Custodian is a tool that unifies the dozens of tools and scripts most organizations use for managing their public cloud accounts into one open source tool. It uses a stateless rules engine for policy definition and enforcement, with metrics, structured outputs and detailed reporting for clouds infrastructure. Cloud Custodian's integration with Security Hub allows it to both send findings to Security and receive findings for response and remediation actions.

Prowler

Prowler SaaS and Prowler Open Source are as dynamic and adaptable as the environment they're meant to protect. Prowler SaaS redefines cloud security with advanced threat detection, customizable checks, and automated compliance. It's the ideal solution for businesses seeking to fortify their cloud infrastructure against evolving threats and regulatory demands, ensuring both security and simplicity. Prowler Open Source is trusted by thousands of teams, with more than 7M+ downloads and is at the forefront of cloud security. Prowler's security checks can be integrated with AWS Security Hub helping provide customers with a centralized view of the security posture of their AWS environments.

Become an AWS Security Hub Partner

To become a Security Hub Partner, you must be either an AWS Partner, or you have joined the AWS ISV Partner Path and the product that you are using for Security Hub integration has gone through an AWS Foundational Technical Review (FTR), giving that product a “Reviewed by AWS” badge.

If you have a security solution and are interested in becoming an AWS Security Hub Partner, please send an email to securityhub-partners@amazon.com with your company and product(s) names, APN tier level, and contact information.

To get started, download our onboarding documents available in the Resources section below. Please read through (at a minimum) the onboarding guide and FAQs, and then begin working on your manifest.